access2-login.com Open in urlscan Pro
159.223.124.221 Malicious Activity! Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://access2-login.com/
Effective URL:
http://access2-login.com/login.php?online_id=e4d8741afafbe4c3fcba71ebblogin_id=94d26054b41206ebd81b7af3cfcd8da094d26054b4...
Submission Tags: @ecarlesi possiblethreat Search All
Submission: On December 01 via api (December 1st 2023, 5:27:46 pm UTC) from IT — Scanned from IT

Summary HTTP 9 Redirects Behaviour Indicators

Summary

This website contacted 1 IPs in 1 countries across 1 domains to perform 9 HTTP transactions. The main IP is 159.223.124.221, located in North Bergen, United States and belongs to DIGITALOCEAN-ASN, US. The main domain is access2-login.com.

This is the only time access2-login.com was scanned on urlscan.io!

urlscan.io Verdict: Potentially Malicious

Targeting these brands: Bank of America (Banking)

Domain & IP information

	IP Address		AS Autonomous System
1 10	159.223.124.221 159.223.124.221		14061 (DIGITALOC...) (DIGITALOCEAN-ASN)
9	1

10 159.223.124.221 (North Bergen, United States) 1 redirects

ASN14061 (DIGITALOCEAN-ASN, US)

access2-login.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
10	access2-login.com 1 redirects access2-login.com	576 KB
9	1

	Domain	Requested by
10	access2-login.com	1 redirects access2-login.com
9	1

This site contains no links.

Subject Issuer	Validity	Valid

This page contains 1 frames:

Primary Page: http://access2-login.com/login.php?online_id=e4d8741afafbe4c3fcba71ebblogin_id=94d26054b41206ebd81b7af3cfcd8da094d26054b41206ebd81b7af3cfcd8da0&session=94d26054b41206ebd81b7af3cfcd8da094d26054b41206ebd81b7af3cfcd8da0
Frame ID: 01F60C9F8262F1E3963BD3D8921D3E9D
Requests: 9 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Bank of America | Log In

Page URL History Show full URLs

http://access2-login.com/ HTTP 302
http://access2-login.com/login.php?online_id=e4d8741afafbe4c3fcba71ebblogin_id=94d26054b41206ebd81b7a... Page URL

Detected technologies

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

\.php(?:$|\?)

Page Statistics

9
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

576 kB
Transfer

573 kB
Size

1
Cookies

0 Outgoing links

These are links going to different origins than the main page.

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://access2-login.com/ HTTP 302
http://access2-login.com/login.php?online_id=e4d8741afafbe4c3fcba71ebblogin_id=94d26054b41206ebd81b7af3cfcd8da094d26054b41206ebd81b7af3cfcd8da0&session=94d26054b41206ebd81b7af3cfcd8da094d26054b41206ebd81b7af3cfcd8da0 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

9 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request login.php Show response
access2-login.com/
Redirect Chain

http://access2-login.com/
http://access2-login.com/login.php?online_id=e4d8741afafbe4c3fcba71ebblogin_id=94d26054b41206ebd81b7af3cfcd8da094d26054b41206ebd81b7af3cfcd8da0&session=94d26054b41206ebd81b7af3cfcd8da094d26054b4120...

10 KB
10 KB

603ms
603ms

Document
text/html

159.223.124.221
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

http://access2-login.com/login.php?online_id=e4d8741afafbe4c3fcba71ebblogin_id=94d26054b41206ebd81b7af3cfcd8da094d26054b41206ebd81b7af3cfcd8da0&session=94d26054b41206ebd81b7af3cfcd8da094d26054b41206ebd81b7af3cfcd8da0

Protocol

HTTP/1.1

Server

159.223.124.221 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Apache /

Resource Hash

82b6d0a5f6298762585627a2688f37c4cbe4ad0a7790a15f6d6b8bddf755b72e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36
accept-language: it-IT,it;q=0.9

Response headers

Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Date: Fri, 01 Dec 2023 17:27:39 GMT
Keep-Alive: timeout=5, max=99
Server: Apache
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

Redirect headers

Cache-Control: no-store, no-cache, must-revalidate
Connection: Keep-Alive
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Date: Fri, 01 Dec 2023 17:27:38 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive: timeout=5, max=100
Location: login.php?online_id=e4d8741afafbe4c3fcba71ebblogin_id=94d26054b41206ebd81b7af3cfcd8da094d26054b41206ebd81b7af3cfcd8da0&session=94d26054b41206ebd81b7af3cfcd8da094d26054b41206ebd81b7af3cfcd8da0
Pragma: no-cache
Server: Apache
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK vipaa-v4-jawr.css
access2-login.com/bstyles/ 445 KB
445 KB 586ms
580ms Stylesheet
text/css 159.223.124.221
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

http://access2-login.com/bstyles/vipaa-v4-jawr.css

Requested by

Host: access2-login.com
URL: http://access2-login.com/login.php?online_id=e4d8741afafbe4c3fcba71ebblogin_id=94d26054b41206ebd81b7af3cfcd8da094d26054b41206ebd81b7af3cfcd8da0&session=94d26054b41206ebd81b7af3cfcd8da094d26054b41206ebd81b7af3cfcd8da0

Protocol

HTTP/1.1

Server

159.223.124.221 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Apache /

Resource Hash

95fb5c3f85d9a25d2e4a8eef407cc7393a56c944e77833b06637d9f86a9c9a2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://access2-login.com/login.php?online_id=e4d8741afafbe4c3fcba71ebblogin_id=94d26054b41206ebd81b7af3cfcd8da094d26054b41206ebd81b7af3cfcd8da0&session=94d26054b41206ebd81b7af3cfcd8da094d26054b41206ebd81b7af3cfcd8da0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 17:27:40 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 15 Sep 2023 18:33:48 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 455808
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK BofA_rgb.png
access2-login.com/bstyles/ 38 KB
39 KB 682ms
676ms Image
image/png 159.223.124.221
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://access2-login.com/bstyles/BofA_rgb.png

Requested by

Protocol

HTTP/1.1

Server

159.223.124.221 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Apache /

Resource Hash

30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://access2-login.com/login.php?online_id=e4d8741afafbe4c3fcba71ebblogin_id=94d26054b41206ebd81b7af3cfcd8da094d26054b41206ebd81b7af3cfcd8da0&session=94d26054b41206ebd81b7af3cfcd8da094d26054b41206ebd81b7af3cfcd8da0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 17:27:40 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 15 Sep 2023 18:33:48 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 39422
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK vipaa-v4-jawr-print.css
access2-login.com/bstyles/ 10 KB
10 KB 666ms
659ms Stylesheet
text/css 159.223.124.221
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to

Full URL

http://access2-login.com/bstyles/vipaa-v4-jawr-print.css

Requested by

Protocol

HTTP/1.1

Server

159.223.124.221 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Apache /

Resource Hash

2f0ac0559a948fa017a8ecdb5bddf7ac54033e8aa1eb91ff7df93243c690f0d1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://access2-login.com/login.php?online_id=e4d8741afafbe4c3fcba71ebblogin_id=94d26054b41206ebd81b7af3cfcd8da094d26054b41206ebd81b7af3cfcd8da0&session=94d26054b41206ebd81b7af3cfcd8da094d26054b41206ebd81b7af3cfcd8da0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 17:27:40 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 15 Sep 2023 18:33:48 GMT
Server: Apache
Content-Type: text/css
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 9953
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK mobile_llama.png
access2-login.com/bstyles/ 19 KB
19 KB 721ms
716ms Image
image/png 159.223.124.221
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://access2-login.com/bstyles/mobile_llama.png

Requested by

Protocol

HTTP/1.1

Server

159.223.124.221 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Apache /

Resource Hash

6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://access2-login.com/login.php?online_id=e4d8741afafbe4c3fcba71ebblogin_id=94d26054b41206ebd81b7af3cfcd8da094d26054b41206ebd81b7af3cfcd8da0&session=94d26054b41206ebd81b7af3cfcd8da094d26054b41206ebd81b7af3cfcd8da0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 17:27:40 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 15 Sep 2023 18:33:48 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Content-Length: 19167
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK fsd-secure-esp-sprite.png
access2-login.com/bstyles/ 473 B
780 B 266ms
266ms Image
image/png 159.223.124.221
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://access2-login.com/bstyles/fsd-secure-esp-sprite.png

Requested by

Host: access2-login.com
URL: http://access2-login.com/bstyles/vipaa-v4-jawr.css

Protocol

HTTP/1.1

Server

159.223.124.221 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Apache /

Resource Hash

8c37fb372596058d87dd9208541c49b020d0e840e4f3a5baa27d39be2dc70b01

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://access2-login.com/bstyles/vipaa-v4-jawr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 17:27:41 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 15 Sep 2023 18:33:48 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 473
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK sign-in-sprite.png
access2-login.com/bstyles/ 3 KB
3 KB 338ms
338ms Image
image/png 159.223.124.221
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://access2-login.com/bstyles/sign-in-sprite.png

Requested by

Host: access2-login.com
URL: http://access2-login.com/bstyles/vipaa-v4-jawr.css

Protocol

HTTP/1.1

Server

159.223.124.221 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Apache /

Resource Hash

2a1b1589e316d02ab75481e7aa88c9975afd2e87f17982fb6d38b6ebe2425a4c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://access2-login.com/bstyles/vipaa-v4-jawr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 17:27:41 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 15 Sep 2023 18:33:48 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 3119
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK gfootb-static-sprite.png
access2-login.com/bstyles/ 48 KB
48 KB 371ms
371ms Image
image/png 159.223.124.221
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://access2-login.com/bstyles/gfootb-static-sprite.png

Requested by

Host: access2-login.com
URL: http://access2-login.com/bstyles/vipaa-v4-jawr.css

Protocol

HTTP/1.1

Server

159.223.124.221 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Apache /

Resource Hash

ca3205c6a4eecfd67ad990b62b10e19f601230a2a5b2791676089e82836763f4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://access2-login.com/bstyles/vipaa-v4-jawr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 17:27:41 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 15 Sep 2023 18:33:48 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 48667
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK gfoot-home-icon.png
access2-login.com/bstyles/ 144 B
451 B 385ms
384ms Image
image/png 159.223.124.221
DIGITALOCEAN-ASN

General

Check archive.org

Show headers Download Go to Show image

Full URL

http://access2-login.com/bstyles/gfoot-home-icon.png

Requested by

Host: access2-login.com
URL: http://access2-login.com/bstyles/vipaa-v4-jawr.css

Protocol

HTTP/1.1

Server

159.223.124.221 North Bergen, United States, ASN14061 (DIGITALOCEAN-ASN, US),

Reverse DNS

Software

Apache /

Resource Hash

a8bc6337547a246ef75d1ae66d7ec8a0ed6171c1ba49804a403124e27c8e8452

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: it-IT,it;q=0.9
Referer: http://access2-login.com/bstyles/vipaa-v4-jawr.css
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.199 Safari/537.36

Response headers

Date: Fri, 01 Dec 2023 17:27:41 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 15 Sep 2023 18:33:48 GMT
Server: Apache
Content-Type: image/png
Connection: Keep-Alive
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=99
Content-Length: 144
X-XSS-Protection: 1; mode=block

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

Phishing against: Bank of America (Banking)

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| validateForm

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			access2-login.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: b83741b954e19c00fdf73ba855e9f26f

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

access2-login.com
159.223.124.221
2a1b1589e316d02ab75481e7aa88c9975afd2e87f17982fb6d38b6ebe2425a4c
2f0ac0559a948fa017a8ecdb5bddf7ac54033e8aa1eb91ff7df93243c690f0d1
30652cee5990b3b76f6cbf6f26362be9254dd62b4c6e6003c1127d1484573787
6bb1d4b1b719488b9812d1fb67b41b03857eec8f4e0a4d46a8066574037d817a
82b6d0a5f6298762585627a2688f37c4cbe4ad0a7790a15f6d6b8bddf755b72e
8c37fb372596058d87dd9208541c49b020d0e840e4f3a5baa27d39be2dc70b01
95fb5c3f85d9a25d2e4a8eef407cc7393a56c944e77833b06637d9f86a9c9a2f
a8bc6337547a246ef75d1ae66d7ec8a0ed6171c1ba49804a403124e27c8e8452
ca3205c6a4eecfd67ad990b62b10e19f601230a2a5b2791676089e82836763f4

access2-login.com Open in urlscan Pro 159.223.124.221 Malicious Activity! Public Scan

Summary

urlscan.io Verdict: Potentially Malicious

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

9 Requests

0 %HTTPS

0 %IPv6

1 Domains

1 Subdomains

1 IPs

1 Countries

576 kBTransfer

573 kBSize

1 Cookies

0 Outgoing links

Page URL History

Redirected requests

9 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Verdicts & Comments Add Verdict or Comment

Potentially malicious activity detected Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!

urlscan

1 JavaScript Global Variables

1 Cookies

Security Headers

Indicators

access2-login.com Open in urlscan Pro
159.223.124.221 Malicious Activity! Public Scan

Screenshot
Live screenshot

Full Image

9
Requests

0 %
HTTPS

0 %
IPv6

1
Domains

1
Subdomains

1
IPs

1
Countries

576 kB
Transfer

573 kB
Size

1
Cookies

9 HTTP transactions
0 data transactions

Potentially malicious activity detected
Disclaimer: These verdicts should be used to detect potentially malicious websites, not as a final verdict!